Interface MAC
-
- All Known Implementing Classes:
BaseMAC
,HMACMD5
,HMACMD596
,HMACRIPEMD160
,HMACSHA1
,HMACSHA196
,HMACSHA2256
,HMACSHA2512
public interface MAC
Message Authentication Code for use in SSH. It usually wraps a javax.crypto.Mac class.
-
-
Method Summary
Modifier and Type Method Description byte[]
doFinal()
byte[]
doFinal(byte[] input)
void
doFinal(byte[] buf, int offset)
int
getBlockSize()
void
init(byte[] key)
boolean
isEtm()
Indicates that an Encrypt-Then-Mac algorithm was selected.void
update(byte[] foo)
void
update(byte[] foo, int start, int len)
void
update(long foo)
-
-
-
Method Detail
-
doFinal
byte[] doFinal()
-
doFinal
byte[] doFinal(byte[] input)
-
doFinal
void doFinal(byte[] buf, int offset)
-
getBlockSize
int getBlockSize()
-
init
void init(byte[] key)
-
update
void update(byte[] foo)
-
update
void update(byte[] foo, int start, int len)
-
update
void update(long foo)
-
isEtm
boolean isEtm()
Indicates that an Encrypt-Then-Mac algorithm was selected.This has the following implementation details. 1.5 transport: Protocol 2 Encrypt-then-MAC MAC algorithms
OpenSSH supports MAC algorithms, whose names contain "-etm", that perform the calculations in a different order to that defined in RFC 4253. These variants use the so-called "encrypt then MAC" ordering, calculating the MAC over the packet ciphertext rather than the plaintext. This ordering closes a security flaw in the SSH transport protocol, where decryption of unauthenticated ciphertext provided a "decryption oracle" that could, in conjunction with cipher flaws, reveal session plaintext.
Specifically, the "-etm" MAC algorithms modify the transport protocol to calculate the MAC over the packet ciphertext and to send the packet length unencrypted. This is necessary for the transport to obtain the length of the packet and location of the MAC tag so that it may be verified without decrypting unauthenticated data.
As such, the MAC covers:
mac = MAC(key, sequence_number || packet_length || encrypted_packet)
where "packet_length" is encoded as a uint32 and "encrypted_packet" contains:
byte padding_length byte[n1] payload; n1 = packet_length - padding_length - 1 byte[n2] random padding; n2 = padding_length
- Returns:
- Whether the MAC algorithm is an Encrypt-Then-Mac algorithm
-
-